Spybot - Search & Destroy
What is Spybot - Search & Destroy?
Spybot Search & Destroy (S&D) is a spyware and adware removal computer program compatible with Microsoft Windows. It scans the computer hard disk and/or RAM for malicious software. In addition to spyware and adware detection and disinfection, Spybot-S&D can repair the registry, winsock LSPs, ActiveX objects, browser hijackers and BHOs, PUPS, computer cookies, trackerware, heavy duty, homepage hijackers, keyloggers, LSP, tracks, trojans, spybots, revision, and other kinds of malware. It can also delete tracking cookies.
About (from Safer-Networking)
Spybot - Search & Destroy can detect and remove a multitude of adware files and modules from your computer. Spybot also can clean program and Web-usage tracks from your system, which is especially useful if you share your computer. Modules chosen for removal can be sent directly to the included file shredder, ensuring ... Read more
Overview
The most common release is 1.6.2, with over 98% of all installations currently using this version. During setup, the program creates a startup registration point in Windows in order to automatically start when any user boots the PC. Upon being installed, the software adds a Windows Service which is designed to run continuously in the background. Manually stopping the service has been seen to cause the program to stop functing properly. It adds a background controller service that is set to automatically run. Delaying the start of this service is possible through the service manager. The program adds a toolbar to Microsoft Internet Explorer. A scheduled task is added to Windows Task Scheduler in order to launch the program at various scheduled times (the schedule varies depending on the version). The software is designed to connect to the Internet and adds a Windows Firewall exception in order to do so without being interfered with. The primary executable is named spybotsd.exe. The setup package generally installs about 50 files and is usually about 65.78 MB (68,972,049 bytes). The installed file SDUpdate.exe is the auto-update component of the program which is designed to check for software updates and notify and apply them when new versions are discovered.
Program details
URL: www.safer-networking.org
Help link: www.safer-networking.org/index.php?page=support
Installation folder: C:\Program Files\Spybot - Search & Destroy\
Uninstaller: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Estimated size: 65.78 MB
Language: English (United States)
Files installed by Spybot - Search & Destroy
| Program executable: | spybotsd.exe |
| Name: | SpyBot-S&D |
| Spybot - Search & Destroy |
| Signed by: | Safer Networking Ltd. |
| Path: | C:\Program Files\spybot - search & destroy\spybotsd.exe |
| MD5: | 0477c2f9171599ca5bc3307fdfba8d89 |
| (From the publisher) “Spybot-S&D is free for private use. Even if you don’t see the symptoms, your computer may be infected. The creators of spyware are constantly developing new ways of invading your privacy. Team Spybot works 24/7 detecting...” |
Additional files:
-
spybotsd-2.0.3-beta1.exe - Spybot - Search & Destroy 2
-
advcheck.dll - Spybot - Search & Destroy (Dateiüberprüfungs-Bibliothek)
-
blindman.exe - Dummy
-
SDDelFile.exe - Kommandozeilen-Dateientfernen-Werkzeug für Spybot-S&D
-
SDFiles.exe - Single file on-demand scanner
-
SDHelper.dll - SBSD IE Protection
-
SDUpdate.exe - Updater for Spybot-S&D
-
spybotsd160.exe
-
spybotsd-2.0.8-beta6.exe
-
TeaTimer.exe - System settings protector
-
TeaTimer_original.exe
-
Tools.dll - Bibliothek für Spybot-S&D
-
UninsSrv.dll - Uninstallation survey
-
Update.exe - External updater
-
SDShred.exe - Secure Shredder (File shredder formerly integrated into Spybot-S&D)
-
RootAlyzer.exe - RootAlyzer (Tests for a few standard rootkit hiding mechanisms.)
-
SDFiles.dll - SpyBot-S&D (Spybot - Search & Destroy File Scanner)
-
regalyz-1.6.2.16.exe - RegAlyzer (Advanced Registry Editor)
-
runalyz-1.6.1.24.exe - RunAlyzer (Multi-Installation Autostart & Configuration Manager)
-
spybotsd13.exe - Spybot - Search & Destroy Setup
-
spybotsd14.exe
-
spybotsd152.exe
-
SDMain.exe - Spybot-S&D Security Center launcher
-
SDWinSec.exe - Spybot-S&D Security Center integration
-
aports.dll (by SmartLine) - Active Ports (Maps TCP and UDP ports to the owning processes)
-
unins000.exe - Inno Setup (Setup/Uninstall)
-
DelZip179.dll (by DelphiZip) - DelphiZip (Freeware Zip/Unzip)
Behaviors exhibited
Internet Explorer BHO
- SDHelper.dll is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'McAfee SiteAdvisor BHO' with the class of {B164E929-A1B6-4A06-B104-2CD0E90A88FF}.
Internet Explorer Extension
- SDHelper.dll is installed as an Internet Explorer extension using the class {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}.
Internet Explorer Toolbar
- SDHelper.dll is loaded as Internet Explorer Toolbar with the name 'McAfee SiteAdvisor Toolbar' with the class of {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} (McAfee SiteAdvisor).
Internet Explorer URL Search Hook
- SDHelper.dll loads into IE as a URL Search Hook named 'McAfee SiteAdvisor Toolbar' with a class of {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} in order to redirect unknown URL searches.
Internet Explorer Web Browser
- SDHelper.dll installs an IE Web Browser in Internet Explorer named '&Crawler Toolbar' with a class of {C4D78C72-08DB-4A3F-9175-B265157283F3}.
8 Scheduled Tasks
- SpybotSD.exe is scheduled as a task with the class '{DF53BA36-E6AD-4933-ABA4-3205B316BF82}' (runs on registration).
- SDUpdate.exe is scheduled as a task with the class '{DB90B1BA-0DB7-416C-9776-6960F9A69ECF}' (runs on registration).
- SDMain.exe is scheduled as a task named 'Spybot' (runs daily at 6:00 PM).
- SDShred.exe is scheduled as a task with the class '{192F682F-8BC3-4B14-AF53-A907FE8CBCBF}' (runs on registration).
- unins000.exe is scheduled as a task with the class '{E253CDA2-9362-4542-A47D-5D5FF5EEF4FA}' (runs on registration).
- SDWinSec.exe is scheduled as a task with the class '{FC9AC3CC-0EC6-4CF1-96F3-CF906C157937}' (runs on registration).
Plus 2 more
2 Scheduled Tasks (Boot/Login)
- TeaTimer.exe is automatically launched at startup through a scheduled task named 2.
- SpybotSD.exe is automatically launched at startup through a scheduled task named Spybot - Search & Destroy.
Service
- SDWinSec.exe runs as a service named 'SBSD Security Center Service' (SBSDWSCService).
2 Startup Files (User Run)
- TeaTimer.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'SpybotSD TeaTimer' and executes as C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe.
- TeaTimer_original.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'SpybotSD TeaTimer' and executes as C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe.
3 Startup Files (All Users Run)
- SDMain.exe is loaded in the all users (HKLM) registry as a startup file name 'Spybot' which loads as C:\Program Files\Spybot - Search & Destroy\SDMain.exe.
- TeaTimer.exe is loaded in the all users (HKLM) registry as a startup file name 'TeaTimer.exe' which loads as W:\Program Files\Spybot - Search & Destroy\TeaTimer.exe.
- SpybotSD.exe is loaded in the all users (HKLM) registry as a startup file name 'SpybotSnD' which loads as "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe".
Startup File (All Users Run Once)
- SpybotSD.exe is loaded once in the all users (HKLM) registry as a startup file name 'SpybotSnD' which loads as "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck.
7 Windows Firewall Allowed Programs
- SDUpdate.exe is added as a firewall exception for 'C:\Program Files\Spybot\SDUpdate.exe'.
- SpybotSD.exe is added as a firewall exception for 'C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe'.
- Update.exe is added as a firewall exception for 'C:\Program Files\Spybot - Search & Destroy\Update.exe'.
- unins000.exe is added as a firewall exception for 'C:\Program Files\Spybot - Search & Destroy\unins000.exe'.
- SDShred.exe is added as a firewall exception for 'C:\Program Files\Spybot - Search & Destroy\SDShred.exe'.
- SDMain.exe is added as a firewall exception for 'C:\Program Files\Spybot - Search & Destroy\SDMain.exe'.
Plus 1 more
Resource utilization averages
Show technical details
| spybotsd.exe |
| Memory: | 44.77 MB | |
| Total CPU: | 1.6544138927% | |
| Kernel CPU: | 0.35269601% | |
| User CPU: | 1.30171788% | |
| Switches/sec: | 117 | |
| I/O reads/min: | 268.63 KB | |
| I/O writes/min: | 45 Bytes | |
| TeaTimer.exe |
| Memory: | 72.11 MB | |
| Total CPU: | 0.0070373328% | |
| Kernel CPU: | 0.00246928% | |
| User CPU: | 0.00456806% | |
| CPU cycles/sec: | 14,792,179 | |
| Switches/sec: | 138 | |
| I/O reads/min: | 83.88 KB | |
| I/O writes/min: | 42.94 KB | |
| SDWinSec.exe |
| Memory: | 13.14 MB | |
| Total CPU: | 0.0018679375% | |
| Kernel CPU: | 0.00121284% | |
| User CPU: | 0.00065510% | |
| CPU cycles/sec: | 370,972 | |
| I/O reads/min: | 2.81 KB | |
How do I remove Spybot - Search & Destroy?
You can uninstall Spybot - Search & Destroy from your computer by using the Add/Remove Program feature in the Window's Control Panel.
- On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do one of the following:
- Windows Vista/7/8/10: Click Uninstall a Program.
- Windows XP: Click Add or Remove Programs.
- When you find the program Spybot - Search & Destroy, click it, and then do one of the following:
- Windows Vista/7/8/10: Click Uninstall.
- Windows XP: Click the Remove or Change/Remove tab (to the right of the program).
- Follow the prompts. A progress bar shows you how long it will take to remove Spybot - Search & Destroy.
How do I reset my web browser?
If your web browser homepage and search settings have been modfied by Spybot - Search & Destroy you can restore them to their previous default settings.
Microsoft Internet Explorer
- Open Internet Explorer and click the Tools button, and then click Internet options.
- Click the Advanced tab, and then click Reset. Select the Delete personal settings check box if you would also like to remove search providers, Accelerators and home pages. When Internet Explorer finishes applying default settings, click Close, and then click OK.
- The changes will take effect the next time you open IE.
Mozilla Firefox
- At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu and select Troubleshooting Information.
- To continue, click Reset Firefox in the confirmation window that opens. It will close and be reset.
- When it's done, a window will list the information that was imported. Click Finish and Firefox will open.
Google Chrome
- Open Chrome and click the Chrome menu on the browser toolbar.
- Select Settings. In the "Search" section, click Manage search engine. Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default. Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.
- When the "Show Home button" checkbox is selected, a web address appears below it. If you want the Homepage button to open up a different webpage, click Change to enter a link.
- Restart Google Chrome.
OS VERSIONS
Win 7 (SP1) 60%
Win 7 0%
|
|
HOW IT STARTS
Automatically starts? Yes
(Found in the run registry)
|
|
USER ACTIONS
 |
Uninstall it 6%
Keep it 94%
|
|
Windows
Which Windows OS versions does it run on?
| Windows 7 |
63.60% |
|
| Windows XP |
13.19% |
|
| Windows Vista |
12.32% |
|
| Windows 10 |
10.82% |
|
| Windows Server 2003 |
0.07% |
|
Which OS releases does it run on? |
| Windows 7 Home Premium |
39.76% |
|
| Microsoft Windows XP |
13.12% |
|
| Windows 7 Professional |
11.04% |
|
| Windows 7 Ultimate |
10.84% |
|
| Windows Vista Home Premiu... |
9.81% |
|
| Windows 8.1 |
4.00% |
|
Geography
61.58% of installs come from the United States
Which countries install it?
| United States |
61.58% |
| United Kingdom |
5.49% |
| France |
5.01% |
| Germany |
3.91% |
| Canada |
3.47% |
| Italy |
2.49% |
| Australia |
1.74% |
| Spain |
1.48% |
| Brazil |
1.32% |
| Netherlands |
1.04% |
| Belgium |
0.99% |
| Japan |
0.80% |
| Sweden |
0.67% |
| Israel |
0.59% |
PC manufacturers
What PC manufacturers (OEMs) have it installed?
| Dell |
26.40% |
|
| Hewlett-Packard |
26.07% |
|
| Acer |
14.96% |
|
| Toshiba |
8.46% |
|
| GIGABYTE |
7.12% |
|
| ASUS |
6.82% |
|
| Intel |
2.93% |
|
| Lenovo |
2.12% |
|
| Samsung |
2.08% |
|
| American Megatrends |
2.05% |
|
| Sahara |
1.01% |
|
Common models |
| HP Pavilion dv6 Notebook ... |
6.96% |
|
| HP Pavilion dv7 Notebook ... |
6.38% |
|
| HP Pavilion g7 Notebook P... |
3.19% |
|
| HP Pavilion g6 Notebook P... |
3.17% |
|
| Dell Inspiron 1545 |
3.12% |
|
| Dell Inspiron 530 |
2.72% |
|
About (from Safer-Networking Ltd.)
Spybot is maintained by a team of people very dedicated to privacy issues, many of which are working full-time on analysing masses of new threats each week, and the response time from our support team is better than that of many a commercial vendor.
Publisher URL: www.safer-networking.org